
I have this method:

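/// <summary>
/// Builds a password-reset link for the account named in <paramref name="request"/>,
/// saves it as a <c>RecoveryLink</c> record and returns it.
/// </summary>
/// <param name="request">Query carrying the username to generate a link for.</param>
/// <param name="cancellationToken">Not used by this handler.</param>
/// <returns>The reset URL, with the username and reset token as query parameters.</returns>
/// <exception cref="Exception">No user with the given name exists.</exception>
public async Task<string> Handle(GenerateRecoveryLinkQuery request, CancellationToken cancellationToken)
{
    var user = await _userManager.FindByNameAsync(request.Username);
    if (user == null)
    {
        // NOTE(review): if this message reaches the client, it tells the caller which
        // usernames exist. Confirm how the exception is surfaced.
        throw new Exception("User not found.");
    }

    var token = await _userManager.GeneratePasswordResetTokenAsync(user);

    // Escape BOTH query values. The original interpolated the username raw, so a name
    // containing '&', '+', '#' or a space would corrupt the query string or be read back
    // as a different value by the GET action.
    // NOTE(review): baseUrl is defined outside this method. Confirm it comes from
    // configuration and not from the incoming request's Host header.
    var encodedUser = Uri.EscapeDataString(request.Username);
    var encodedToken = Uri.EscapeDataString(token);
    var resetUrl = $"{baseUrl}/Auth/ResetPassword?user={encodedUser}&code={encodedToken}";

    // NOTE(review): the saved link embeds the live reset token, so anyone with read access
    // to this store can reset the account until the token expires. Confirm that persisting
    // it is required, and restrict or expire the record if so.
    var save = new RecoveryLink
    {
        Username = request.Username,
        Link = resetUrl,
    };
    await DB.SaveAsync(save);

    // NOTE(review): the link is returned to the caller. It should only be delivered
    // out-of-band to the account owner (for example by e-mail), never echoed in the
    // response to whoever asked for the reset. Verify against the calling endpoint.
    return resetUrl;
}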

View to handle password reset:

/// <summary>
/// Renders the "ResetPassword" view, handing it the username and reset code
/// taken from the query string.
/// </summary>
/// <param name="user">Username from the <c>user</c> query parameter.</param>
/// <param name="code">Reset token from the <c>code</c> query parameter.</param>
/// <returns>The "ResetPassword" view result.</returns>
[HttpGet("Auth/ResetPassword")]
public IActionResult ResetPassword(string user, string code)
{
    // Model binding has already URL-decoded both values once, so they are stored as-is.
    // NOTE(review): the view is not shown here. Confirm it passes the code on to the reset
    // request unchanged (no second URL-decode, no re-escaping in script), and note that a
    // token carried in the query string can end up in access logs and browser history.
    ViewData["Username"] = user;
    ViewData["Code"] = code;

    return View("ResetPassword");
}

And handler to reset password:

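/// <summary>
/// Resets the password of the account named in <paramref name="request"/> using the
/// supplied reset token and new password.
/// </summary>
/// <param name="request">Query carrying the username, reset token and new password.</param>
/// <param name="cancellationToken">Not used by this handler.</param>
/// <returns>The string "Success" when the reset succeeds.</returns>
/// <exception cref="Exception">
/// No user with the given name exists, or the reset failed. On failure the message is the
/// first error description, or a generic message when none is reported.
/// </exception>
public async Task<String> Handle(ResetPasswordQuery request, CancellationToken cancellationToken)
{
    var user = await _userManager.FindByNameAsync(request.Username);
    if (user == null)
    {
        // NOTE(review): a distinct "not found" error lets a caller probe for valid
        // usernames if it reaches the client. Confirm how the exception is surfaced.
        throw new Exception("User not found.");
    }

    // The token must arrive here exactly as it was generated. Do not URL-decode it again
    // in this handler: a second decode turns '+' into a space and invalidates the token.
    var reset = await _userManager.ResetPasswordAsync(user, request.Token, request.newPassword);
    if (reset.Succeeded)
    {
        return "Success";
    }

    // The original indexed error[0], which throws IndexOutOfRangeException when the failed
    // result carries no errors. Fall back to a generic message instead.
    var message = reset.Errors.Select(x => x.Description).FirstOrDefault()
                  ?? "Password reset failed.";

    throw new Exception(message);
}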

When I tried to go through the link and set a new password, it says invalid password. But when I pass that exact code in Postman, it succeeds. I tried HttpUtility.UrlEncode(token) and HttpUtility.UrlDecode(request.Token), but I still got the same error.

birsanzhar
  • `throw new Exception("User not found.");` <-- Please don't do this... – Dai Aug 22 '23 at 05:40
  • `HttpUtility.UrlEncode(token)` <-- You should use `Uri.EscapeDataString` here instead of `UrlEncode`: https://stackoverflow.com/questions/3572173/server-urlencode-vs-uri-escapedatastring – Dai Aug 22 '23 at 05:41
  • @Dai, I used EscapeDataString as you suggested, `var resetUrl = $"{baseUrl}/Auth/ResetPassword?user={Uri.EscapeDataString(request.Username)}&code={Uri.EscapeDataString(token)}";`, but I still got the Invalid token error. Only when I send the request through Postman does it give me 200. But when I send the request through ajax, it gives me invalid token. I read [here](https://stackoverflow.com/questions/12271547/shouldnt-json-stringify-escape-unicode-characters) that JSON.stringify will unescape that token – birsanzhar Aug 22 '23 at 10:37
